Fast Key-changing Hardware Apparatus for AES Block Cipher

ABSTRACT

A fast key-changing hardware apparatus, which generates one sub-key each clock cycle, which is used by advanced encryption system (AES) algorithm block cipher, is independent from the AES algorithm block cipher. The invented apparatus automatically generate expanded keys from the input cipher key, store them in the key expanded RAM and ready to be used by the AES algorithm block cipher. If the key changing and the key expanding speed in the fast key-changing device is as fast as the data block (i.e. 128, 192, or 256 bits) processing speed in the AES algorithm block cipher, the cipher system has the characteristic of one-time pad perfect cryptography. When using this device with a fixed key cipher system, the original input cipher key can be detached or destroyed from the system and guarantees the safety of the cipher key.

REFERENCES CITED [REFERENCED BY]

U.S. Patent Documents 6,026,490 February 2000 Johns-Vano et al. 6,937,727 August 2005 Yup et al. 6,973,187 December 2005 Gligor et al. 7,088,826 August 2006 Houlberg et al. 7,106,860 September 2006 Yu et al. 7,194,090 March 2007 Muratani et al. 7,211,763 May 2007 Verbauwhede et al. 7,337,314 February 2008 Hussain et al. 7,539,876 May 2009 Henry et al. 20010033656 October 2001 Gligor et al. 20010050989 December 2001 Zakiya et al. 20020101985 August 2002 Calvignac et al. 20030039354 February 2003 Kimble et al. 20030223580 December 2003 Snell et al. 20040047466 March 2004 Feldman et al. 20040202317 October 2004 Demjanenko et al.

OTHER REFERENCES

-   Jorg J. Buchholz, “MATLAB Implementation of the Advanced Encryption     Standard”, http://buchholz.hs-bremen.de, Dec. 19, 2001. cited by     other. -   Behrouz A. Forouzan, “Cryptography and Network Security”, pp     207-212, 2008. cited by other.

Primary Examiner: Assistant Examiner: DESCRIPTION Background of the Invention

(a) Field of the Invention

The invention involves a cryptographic apparatus, a symmetric key block cipher algorithm known as Rijndael or AES and its hardware implementation. The invention allows on-the-fly cipher key changing in both encryption and decryption directions. If the processing rate of plaintext/ciphertext is as fast as the cipher key-changing rate while the cipher key is not repeated, the invention has the property of one-time pad perfect cryptography.

(b) Description of the Prior Arts

People discovered that media content encryption is necessary when identity theft increased. There is a lot of content encryption algorithms exist on the market. AES is the newest cryptography standard that National Institute of Standards and Technology (NIST) authorized and has not been broken yet. Therefore it is the most secure algorithm today. There is another algorithm which makes decipher difficult to decrypt the content of a message is called one-time pad perfect encryption. This perfect encryption algorithm requires to change the cipher key each time the input plaintext changes, and the cipher key is not repeated. The invented apparatus implements these two algorithms and tries to form a most secured encryption/decryption device.

Most of the AES algorithm hardware device design concentrated on high throughput, high performance capability. In order to achieve the request for high throughput, the expanded key generator and the AES algorithm block cipher are normally bonded together and operates synchronously. In other words, the AES algorithm block cipher needs the key generator generates a round of sub-key simultaneously to implement one round of AES algorithm for the input plaintext. Therefore, the input cipher key needs to be attached to the cipher system at all time. Since the key is outside of the cipher system, leaves thieves opportunity to steal the cipher key. The high throughput/high performance architecture mentioned above gives up the key changing flexibility and key security ability.

The apparatus invented is to solve the problem mentioned above. It separates the expanded key generator and AES algorithm block cipher. These two modules operate asynchronously. The fast key changing hardware device has the ability to expand one sub-key each clock cycle and its input cipher key can be changed on the fly. As the input cipher key changed, the key generator will expand another set of sub-keys according to the changed cipher key. The expanded sub-keys are stored in an expanded key RAM. The AES algorithm block cipher can retrieve its round key accordingly. When the changing rate of the input cipher key, which is a non-repeated key stream, is matched with the plaintext encryption rate, the cipher system is a one-time pad perfect cryptography system.

When using this system as a fixed key cipher, the original input cipher key can be detached or destroyed from the system since the expanded keys are already stored in the build-in RAM and is not accessible from outside of the system. Thus, keep the keys in secure.

SUMMARY

A fast key-changing device is invented and solves the problem mentioned above. It is independent from the AES algorithm block cipher. The key-changing device has the capability to generate one sub-key each clock cycle. The expanded keys are stored in an expanded key RAM and are ready for AES algorithm block cipher to retrieve it. The cipher key-changing rate can be matched with the AES algorithm block cipher encryption rate and forms a one-time pad perfect cryptography system.

The circuit architecture of this fast key changing device can be different in many ways. The architecture described above is only an illustration. It may be modified within the scope and equals to the described claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing the interaction between the AES algorithm block cipher and the key generator.

FIG. 2 is a diagram showing the data flow within the key generator and the interface with the AES algorithm block cipher.

DETAILED DESCRIPTIONS

A fast-key changing device 16 in FIG. 1 is also called a key generator is independent from the AES algorithm block cipher 15. The AES algorithm block cipher 15 uses the sub-round key, which is generated by the key generator 16 to process a round of AES algorithm to the inputting plaintext block (i.e., 128, 192, 256 bits) every clock cycle. The AES algorithm block cipher 15 will start its operation after it receives the “ready” signal 106 from the key generator 16. The ready signal 106 is to inform the AES algorithm block cipher 15 the expanded keys are stored and ready in the expanded key RAM 14 in FIG. 2. The key generator 16 and the AES algorithm block cipher 15 operate asynchronously.

The AES algorithm block cipher 15 sends pseudo codes 107 to the key generator 16 and the expanded key RAM 14 in FIG. 2 will send the correspond sub-key 108 back to the AES algorithm block cipher 15. This sub-key retrieving process is done within one clock cycle. The AES algorithm block cipher 15 also sends data addresses 109 to the S-box ROM 12 in the key generator 16 and retrieving a correspond substitution value 110 back. The operation for retrieving a substitution value is also finished within one clock cycle.

When the cipher key 100 changing process starts, the FSM controller 10 in FIG. 2 as well as the AES algorithm block cipher 15 receives a reset signal 111 and resets their registers. The FSM controller 10 starts the key expansion process right after the end of the reset signal 111. The FSM controller 10 stores the newly updated sub-key 105 into the expanded key RAM 14 as well as sends the proper sub-key 101 into the feedback loop according to the AES algorithm. Since the expanded key RAM 14 is a build-in memory circuit, it is not accessible from out side of the key generator module. Therefore the input cipher key can be detached or destroyed from the key generator module after the expanded keys are stored in the RAM 14. Thus prevents the input cipher key from being stolen. The feedback loop 101 102 103 104 includes the rotation module 11, the S-box ROM module 12, the round-constant XOR module 13, and the FSM controller 10. The feedback loop circuits, except the FSM controller 10, are all combinational logic circuits. Therefore there is no clock drive through the circuits and the loop finishes its operation in one clock cycle. 

1. A fast key-changing hardware apparatus, which generates one sub-key each clock cycle, which is used by advanced encryption system (AES) algorithm block cipher comprises: rotation module which rotates the specific sub-keys, S-box read only memory (ROM) which stores substitution variables, round constant module which contains round constant and XORs with the specific sub-key at proper time, expanded key random access memory (RAM) which stores the expanded keys, and a finite state machine (FSM) which controls the key expansion process.
 2. The key-changing device of claim 1, wherein said FSM controller receives input cipher key (i.e., 128, 192, 256 bits) in parallel in bits simultaneously.
 3. The key-changing device of claim 1, wherein said rotation module, said S-box ROM, said round constant module, and said expanded key RAM, have no clock input.
 4. The key-changing device of claim 1, wherein said rotation module, said S-box ROM, said round constant module, and said FSM controller, forms a closed feedback loop.
 5. The key-changing device of claim 1, wherein said rotation module, said S-box ROM, and said round constant module, applies its operation to specific sub-key at specific time according to AES algorithm.
 6. The key-changing device of claim 1, wherein said S-box ROM contains duplicated sub-S-box as needed according to the size of the AES data block (i.e., 128, 192, 256 bits) and its key length.
 7. The key-changing device of claim 1, wherein said expanded key RAM contains duplicated sub-key RAM as needed according to the size of the AES data block and its key length.
 8. The key-changing device of claim 1, wherein said FSM controller, and said AES algorithm block cipher receive a reset signal and reset the entire content in their registers.
 9. The key-changing device of claim 1, wherein said FSM controller, automatically starts its key expansion process right after it receives the reset signal.
 10. The key-changing device of claim 1, wherein said FSM controller, generates a signal to the said AES algorithm block cipher right after the expanded keys are ready.
 11. The key-changing device of claim 1, and said AES algorithm block cipher (Rijndael block cipher algorithm) operates asynchronously.
 12. The AES algorithm block cipher of claim 1, and said key-changing device, which has non repeated input keys, can be adjusted so that the data block encryption speed is matched with the key changing and key expansion speed, and to form a one-time pad perfect cryptography system.
 13. The AES algorithm block cipher of claim 1 retrieves a sub-key from the said key-changing device and operates one round of AES algorithm to the data block every clock cycle.
 14. The key-changing device of claim 1 provides different set of expanded keys for the said AES algorithm block cipher each time the cipher key changes.
 15. The key-changing device of claim 1, wherein said FSM controller receives the input cipher key; the input cipher key can be disconnected or destroyed from the system one clock cycle after the reset signal ended.
 16. The key-changing device together with said AES algorithm block cipher of claim 1 can be implemented in encryption or decryption system, where encryption and decryption are two different modules.
 17. The input cipher keys for the said encryption module, and the said decryption module of claim 16 can be different at the same time. 